Re: Best Host IDS Tools

[Frank Knobbe <fknobbe () knobbeits com>]

On Mon, 2002-12-23 at 22:37, frank wrote:
> I have just setup my Web server on solaris platform and is planning to
> deploy a freeware IDS. Now I am evaluating the below IDS tools :-
> AIDE
> Snort
> Tripwire
> Chkrootkit
>
> and would like to have the comments from everyone on which is the best IDS
> tools ? 

Frank,

no offense, but I don't think you will get an answer to that question.
It's like asking "which is the best car". There is none, and there are
all. It depends what you want to achieve.

> Or what is the best combination so that I can mix them together to
> form a more complete IDS enabled environment. 

Actually, you already listed a good combination. You are aware that the
software you listed all perform different tasks, right? 

> Or is there any other better
> free IDS tools available ?

There are certainly other free IDS tools out there, not necessarily
better or worse. Check out Samhain as an alternative to Tripwire or
Prelude as an alternative to Snort. Which one is 'better' is an opinion
you will have to make for yourself. I suggest you install each software
and evaluate it for yourself. You should use the software that you feel
more comfortable with, that you can administer easier, and/or that fits
better into your infrastructure. You don't have to use what Joe prefers.

Merry Christmas!
Frank

Attachment: signature.asc
Description: This is a digitally signed message part